The World Privacy Forum commented on an important proposal to make changes to the existing rules regarding the confidentiality of alcohol and drug abuse patient records. The proposal is from the Substance Abuse and Mental Health Services Administration (SAMHSA), part of the US Department of Health and Human Services. These proposed rule changes are important, as the current

The Nuremberg Code, an extraordinary document around ethics and research on human subjects written after the research abuses that took place during World War II, is akin to a global Emancipation Proclamation for human research subjects. The Nuremberg Code’s 10 principles remain a timeless rendering of thought on what should be in place prior to any entity conducting research on human subjects, and this code forms the philosophical foundation of a regulation in the US known as the Common Rule. We have written extensive comments on the US proposal that will update the Common Rule…

In our view, the Department’s proposed changes to HIPAA regarding marketing are contrary to the law. Current law requires that paid communications for any marketing should be allowed only on an opt-in basis. We oppose the Department’s proposed regulation that would allow communications paid for by third parties who are not the entities whose product or service is being described in the communication.

Health privacy and HIPAA — The World Privacy Forum filed two sets of detailed regulatory comments on recently proposed changes to HIPAA. The first comments focused on proposed changes to HIPAA in the area of marketing patient information. The proposed changes would be harmful to patient privacy, and are contrary to the law. WPF was joined in the marketing comments by the Center for Digital Democracy, Consumer Action, Consumer Federation of America, the Electronic Frontier Foundation, Privacy Activism, Privacy Rights Clearinghouse, and Privacy Times. The second set of comments WPF filed included the comments on marketing as well as on additional provisions that would be problematic if enacted.

Financial privacy and SEC — The World Privacy Forum filed comments today criticizing the SEC proposed regulations that would release an unprecedented amount of financial details about individual borrowers through the EDGAR database. The WPF was joined by other privacy, consumer, and human rights organizations in its comments, which focused on the privacy issues with the proposed regulations. Pam Dixon, executive director of the WPF, stated in the comments that the SEC’s new regulations would “Place on the public record and online the largest amount of personal financial information about borrowers ever disclosed, including information never before made public.” The comments also note that the SEC’s plan greatly increases the risk of identity theft for individual borrowers whose information will be released publicly.

This new World Privacy Forum report reviews privacy law applicable to the Precision Medicine Initiative (PMI), and the large medical information and biospecimen database at its center. The HIPAA health privacy rule and its protections for individuals will not apply to PMI research activities. The key privacy concerns raised by the PMI are the lack of applicable law to govern its collection and use of individuals’ health data, the potential waiver of the patient-physician legal privilege that can shield data from disclosure through litigation, and the possibility of law enforcement access to patient records held in the PMI.

To score is human. Ranking individuals by grades and other performance numbers is as old as human society. Consumer scores — numbers given to individuals to describe or predict their characteristics, habits, or predilections — are a modern day numeric shorthand that ranks, separates, sifts, and otherwise categorizes individuals and also predicts their potential future actions. This new report by Pam Dixon and Robert Gellman explores this issue of predictive scores and privacy.